Plecost is a WordPress finger printer tool. It searches and retrieves information about the plugin versions installed in WordPress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin.
Plecost retrieves the information contained on Web sites supported by WordPress, and also allows a search on the results indexed by Google.
We can also call it a WordPress vulnerability scanner.
If we are about to perform penetration testing on many webservers and we know there are many web applications running WordPress, Plecost will do the rest! It will give us the CVE ID and we can try to exploit it!
How to use Plecost?
./plecost-0.2.2-7-beta.py [options] [ URL | [-l num] -G]
Sample:
plecost -R plugins.txt -n 5
plecost -i plugin_list.txt -s 12 -M 30 -t 20 -o results.txt www.example1234.com
plecost -i plugin_list.txt -s 12 -M 30 -o results.txt www.example1234.com ( Search plugins with sleep time between 12 and 30 seconds for www.example1234.com )
Operating systems supported:
It is a Python script. So, the only dependencies are the relevant Python modules.
Download Plecost version 016 Beta here
If you enjoyed this article, you might also like:
- September 8, 2010 -- UPDATE: DLLHijackAuditor v2!
Our first post regarding the DLLHijackAuditor can be found here. Now, the author has released an upd... - August 31, 2010 -- DllHijackAuditor: Audit the DLL Hijacking Vulnerability!
DllHijackAuditor is the smart tool to audit against the DLL Hijacking Vulnerability on any Windows a... - August 18, 2010 -- UPDATE: WhatWeb v0.4.5!
We originally wrote about WhatWeb in our previous post here. It has now been updated to WhatWeb ve... - August 18, 2010 -- Nmapsi: A NMAP GUI!
Yet another nmap GUI - NmapSi is a complete Qt-based GUI with the design goals to provide a complete... - August 11, 2010 -- DOMScan: Tool for Scanning and Analyzing DOM
DOMScan is utility to drive IE and capture real time DOM from the browser. It gives access to active... - July 19, 2010 -- PenTestIT Post Of The Day: Black-box Web Vulnerability Scanners!
What is the article about?Black-box web vulnerability scanners are a class of tools that can be ... - July 1, 2010 -- UPDATE: WhatWeb v0.4.4!
We originally wrote about WhatWeb in our previous post here. WhatWeb has now been updated to ver... - June 28, 2010 -- PenTestIT Post Of The Day: A Study of Clickjacking Vulnerabilities on Popular Sites!
Web framing attacks such as clickjacking use iFrames to hijack a user's web session. The most common... - June 18, 2010 -- Integrate Nmap with NSE for Vulnerability Scanner.
Performing a vulnerability scan is extremely resources consuming. Why not add a effortless vulnerabi...
Tagged as: plecost, Vulnerability Scanner, WordPress Exploit Scanner
You must log in to post a comment.